On Sun, Sep 19, 2004 at 08:03:17PM +0100, Andrew Suffield wrote: > appreciably secure, and users can't tell the difference anyway. This > doesn't matter because nobody attacks anything worthwhile by capturing > traffic. SSL is basically irrelevant on the modern internet [see > crypto-gram, earlier this year]. After searching about I found: http://www.schneier.com/paper-pki-ft.txt http://www.schneier.com/crypto-gram-0401.html Letter from John Viega Either I am opening a can of worms here or I am wasting time, but what am I or applications supposed to be using then? It is a myth that passwords in the plain is a bad idea? Aren't there tools in existence to detect ftp/telnet/insecure authentications? Does the "modern internet" mean we are packet switched to safety? I have seen people create different passwords for different services, but I wanted every user to use the same password from PAM for every service my Debian box offers. Am I being too naive? Are there any other docs I have missed? http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-tools.en.html#s8.7 Doesn't inspire.
Description: Digital signature